Man used Facebook to hack women's e-mails

January 14, 2011 11:46:57 PM PST
A Sacramento-area man pled guilty this week to invading the lives countless women by hacking using their Facebook information to hack into their e-mail accounts.

Facebook is a place to connect with friends, look at photos, and share information. It's also prime hunting ground for hackers. That's what George Bronk did.

"He looked at the profiles and found information like people's e-mail addresses and then he found out the names of their pets, or their boyfriends, or where they live, and through that he'd decipher passwords," says technology analyst Larry Magid.

Bronk admitted he targeted female Facebook users and guessed their password based on the personal information on their home page. Then, he'd take over and find and e-mail nude photos of the women. The victims were in California, 16 other states, and in England.

"This is a good example of something that we call a social engineering attack," says Atri Chatterjee from Symantec.

Chatterjee leads Symantec's user authentication division. He says this attack could have been a lot worse.

"It could easily be used for lots of other things, ID theft, fraud, stealing money," says Chatterjee.

But in this case, Bronk's main objective was to embarrass the women. Still, the experts agree the hacking could have been avoided.

"Too many people were putting too much information on Facebook," says Magid.

Magid recently published a parent's guide to Facebook. It helps users create safe and secure profiles. Something many adult users admit they don't often do.

"My password is one of my hobbies because it's something I can remember," says Uyen Lai from Campbell.

And Lai's hobbies are listed on her Facebook page.

"That never even crossed my mind that that was something they would do," says Lai.

One way to create a password that is hard to guess is to take a sentence like, 'I visited Michigan in 1990.' And then use just the first letters of each word. So your password would be IVMI1990.